The protection and security of customer information is vital from an organization's perspective, not only to comply with applicable laws, but to earn and keep customer's trust. Enhanced security often comes at the cost of convenience for the user. For example, customers may be required to answer additional security questions.
Security analysts have identified three authentication factors that can be used in making a positive identification: ownership (something only the user has), knowledge (something only the user knows), and inherence (something only the user is). Elements used to verify the first factor, ownership, may include a phone, a security token, or a software token. Elements used to verify the knowledge factor may include a password, username, personal identification number (PIN) or answers to security questions. Elements used to verify the inherence factor may include biometric data.